nixos/modules/services/networking/netbird.md +5 −0 @@ -76,6 +76,11 @@ Each Netbird client service by default: peer-to-peer communication, - can be additionally configured with environment variables, - automatically determines whether `netbird-ui-<name>` should be available, - does not enable [routing features](#opt-services.netbird.useRoutingFeatures) by default If you plan to use routing features, you must explicitly enable them. By enabling them, the service will configure the firewall and enable IP forwarding on the system. When set to `client` or `both`, reverse path filtering will be set to loose instead of strict. When set to `server` or `both`, IP forwarding will be enabled. [autoStart](#opt-services.netbird.clients._name_.autoStart) allows you to start the client (an actual systemd service) on demand, for example to connect to work-related or otherwise conflicting network only when required. nixos/modules/services/networking/netbird.nix +41 −12 @@ -24,6 +24,7 @@ let mkMerge mkOption mkOptionDefault mkOverride mkPackageOption nameValuePair optional @@ -112,6 +113,23 @@ in }; ui.package = mkPackageOption pkgs "netbird-ui" { }; useRoutingFeatures = mkOption { type = enum [ "none" "client" "server" "both" ]; default = "none"; example = "server"; description = '' Enables settings required for Netbird's routing features like subnet routers and exit nodes. When set to `client` or `both`, reverse path filtering will be set to loose instead of strict. When set to `server` or `both`, IP forwarding will be enabled. ''; }; clients = mkOption { type = attrsOf ( submodule (
@@ -467,12 +485,22 @@ in networking.dhcpcd.denyInterfaces = toClientList (client: client.interface); networking.networkmanager.unmanaged = toClientList (client: "interface-name:${client.interface}"); networking.firewall.allowedUDPPorts = concatLists ( toClientList (client: optional client.openFirewall client.port) ); # Required for the routing ("Exit node") feature(s) to work boot.kernel.sysctl = mkIf (cfg.useRoutingFeatures == "server" || cfg.useRoutingFeatures == "both") { "net.ipv4.conf.all.forwarding" = mkOverride 97 true; "net.ipv6.conf.all.forwarding" = mkOverride 97 true; }; networking.firewall = { allowedUDPPorts = concatLists (toClientList (client: optional client.openFirewall client.port)); # Required for the routing ("Exit node") feature(s) to work checkReversePath = mkIf ( cfg.useRoutingFeatures == "client" || cfg.useRoutingFeatures == "both" ) "loose"; # Ports opened on a specific networking.firewall.interfaces = listToAttrs ( interfaces = listToAttrs ( toClientList (client: { name = client.interface; value.allowedUDPPorts = optionals client.openFirewall [ @@ -480,6 +508,7 @@ in ]; }) ); }; systemd.network.networks = mkIf config.networking.useNetworkd ( toClientAttrs (
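Review bot: The two settings added in the `@@ -467,12 +485,22 @@` hunk are host-wide, which neither the `useRoutingFeatures` description nor the inline comments say: the `net.ipv4.conf.all.forwarding` and `net.ipv6.conf.all.forwarding` sysctls make the machine forward between every interface, and `checkReversePath = "loose"` relaxes source-address validation for every interface, not only the Netbird ones. I would add to the option description a sentence such as `Both settings apply to the whole host, not only to Netbird interfaces; filter forwarded traffic with firewall rules if other networks are attached.`, and replace the comment above `boot.kernel.sysctl` with `# Host-wide: forwards between all interfaces; mkOverride 97 outranks a plain user definition (priority 100).` The second half of that comment matters because a user's plain `= false` on either sysctl would be silently overridden; if that is intended it deserves the comment, and if not, a weaker priority is worth considering. The enclosing attribute set starts and ends outside the visible hunks.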
nixos/modules/services/networking/netbird.md +5 −0 @@ -76,6 +76,11 @@ Each Netbird client service by default: peer-to-peer communication, - can be additionally configured with environment variables, - automatically determines whether `netbird-ui-<name>` should be available, - does not enable [routing features](#opt-services.netbird.useRoutingFeatures) by default If you plan to use routing features, you must explicitly enable them. By enabling them, the service will configure the firewall and enable IP forwarding on the system. When set to `client` or `both`, reverse path filtering will be set to loose instead of strict. When set to `server` or `both`, IP forwarding will be enabled. [autoStart](#opt-services.netbird.clients._name_.autoStart) allows you to start the client (an actual systemd service) on demand, for example to connect to work-related or otherwise conflicting network only when required.
nixos/modules/services/networking/netbird.nix +41 −12 @@ -24,6 +24,7 @@ let mkMerge mkOption mkOptionDefault mkOverride mkPackageOption nameValuePair optional @@ -112,6 +113,23 @@ in }; ui.package = mkPackageOption pkgs "netbird-ui" { }; useRoutingFeatures = mkOption { type = enum [ "none" "client" "server" "both" ]; default = "none"; example = "server"; description = '' Enables settings required for Netbird's routing features like subnet routers and exit nodes. When set to `client` or `both`, reverse path filtering will be set to loose instead of strict. When set to `server` or `both`, IP forwarding will be enabled. ''; }; clients = mkOption { type = attrsOf ( submodule ( @@ -467,12 +485,22 @@ in networking.dhcpcd.denyInterfaces = toClientList (client: client.interface); networking.networkmanager.unmanaged = toClientList (client: "interface-name:${client.interface}"); networking.firewall.allowedUDPPorts = concatLists ( toClientList (client: optional client.openFirewall client.port) ); # Required for the routing ("Exit node") feature(s) to work boot.kernel.sysctl = mkIf (cfg.useRoutingFeatures == "server" || cfg.useRoutingFeatures == "both") { "net.ipv4.conf.all.forwarding" = mkOverride 97 true; "net.ipv6.conf.all.forwarding" = mkOverride 97 true; }; networking.firewall = { allowedUDPPorts = concatLists (toClientList (client: optional client.openFirewall client.port)); # Required for the routing ("Exit node") feature(s) to work checkReversePath = mkIf ( cfg.useRoutingFeatures == "client" || cfg.useRoutingFeatures == "both" ) "loose"; # Ports opened on a specific networking.firewall.interfaces = listToAttrs ( interfaces = listToAttrs ( toClientList (client: { name = client.interface; value.allowedUDPPorts = optionals client.openFirewall [ @@ -480,6 +508,7 @@ in ]; }) ); }; systemd.network.networks = mkIf config.networking.useNetworkd ( toClientAttrs (